In case you don’t know, SUPEE-5344 is an official security patch to the infamous Magento shoplift bug. That bug allows bad actors to obtain admin access to vulnerable Magento sites. While the patch was released February 2015 many sites unfortunately did not update, this gave hackers an opportunity to compromise thousands of Magento powered online stores. The anatomy of theRead […]
Archive | Security
RSS feed for this sectionPadding oracles and the decline of CBC-mode cipher suites
At CloudFlare, we’re committed to making sure the encrypted web is available to everyone, even those with older browsers. At the same time, we want to make sure that as many people as possible are using the most modern and secure encryption available to them. Improving the cryptography used by the majority requires a coordinated […]
Change the (S)Channel! Deconstructing the Microsoft TLS Session Resumption bug
Initial Problem Report Several months ago we started hearing occasional reports from .NET developers that they were having trouble maintaining HTTPS sessions with one of our customer’s websites. Establishing connections worked just fine but they would periodically get disconnected, resulting in an exception that crashed their application. Around the same time, we also started hearing […]
Seo-moz.com SEO Spam Campaign
Here at Sucuri we handle countless cases of SEO spam. This malware involves a website being compromised in order to spread (mostly pharmaceutical) advertisements by linking visitors to unwanted websites and stuffing spam keywords into the site. These links and keywords help the spam websites to rank higher in search engines like Google, sending evenRead […]
Magento PCI Compliance Issues and Theft Over TLS
With about 30% of the market share, Magento is gradually becoming a “WordPress” of the ecommerce world. Like WordPress, it becomes a major target for hackers due to its popularity. However, in the case of Magento, the main goal that hackers pursue is to steal money, either from shop customers or the shop owners. DuringRead […]
Server Security: Import WordPress Events to OSSEC
We leverage OSSEC extensively to help monitor and protect our servers. If you are not familiar with OSSEC, it is an open source Intrusion Detection System (HIDS); it has a powerful correlation and analysis engine that integrates log analysis, file integrity monitoring, centralized policy enforcement, rootkit detection, real-time alerting, and active response. It provides complete coverageRead […]
Massive Admedia/Adverting iFrame Infection
This past weekend we registered a spike in WordPress infections where hackers injected encrypted code at the end of all legitimate .js files. The distinguishing features of this malware are: 32 hex digit comments at the beginning and end of the malicious code. E.g. /*e8def60c62ec31519121bfdb43fa078f*/ This comment is unique on every infected site. Most likely an MD5Read […]
The Risks of Hiring a Bad SEO Company
Today we are not going to explore malware or any other overtly malicious traffic. Instead this post is a warning about dishonest marketing tactics used by services claiming to improve your website traffic or Search Engine Optimization (SEO). We recently received a report from one our clients claiming that their website was experiencing a DistributedRead […]
Advanced Technical “Hacks” for your site’s SEO
Improving your site’s SEO is probably top of mind for you, but doing so takes a lot of hard work and the rules of the game are constantly changing. On Tuesday, January 26th at 10am PT/1pm ET, CloudFlare is hosting a live discussion with some of the leading experts in technical SEO. They will share […]
Security Advisory: Stored XSS in Magento
Security Risk: Dangerous Exploitation Level: Easy/Remote DREAD Score: 7/10 Vulnerability: Stored XSS Patched Version: Magento CE: 1.9,2.3, Magento EE: 1.14.2.3 During our regular research audits for our Cloud-based WAF, we discovered a Stored XSS vulnerability affecting the Magento platform that can be easily exploited remotely. We notified the Magento team and worked with them toRead […]
